dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3427
share rss forum feed


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

2 recommendations

Mozilla will automatically disable all plug-ins in Firefox

NetworkWorld | January 30, 2013

quote:
Mozilla yesterday announced it would automatically disable all plug-ins in Firefox (except the latest version of Adobe's Flash Player), citing security and stability reasons for the move.

The feature, called "click-to-play," has been part of Firefox since version 17, which launched last November, but Mozilla will restrict plug-ins even further going forward.

By default, click-to-play bars plug-in play, but users can override the block by clicking any grayed-out content area on a Web page. The technique has become popular as browser makers try to keep users safe from a rising tide of exploits that leverage bugs in plug-ins, particularly the Java browser plug-in.

Although Mozilla did not define a timeline, it will soon block all plug-ins other than the latest version of Flash. The block will include up-to-date versions of popular plug-ins such as Adobe's Acrobat Reader, Microsoft's Silverlight and Oracle's Java.

Mozilla said the drastic step was needed to safeguard users from "drive-by" attacks, which trigger exploits as soon as a victim visits a malicious or compromised website.
»www.networkworld.com/news/2013/0···266.html
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.
»bit.ly/V5mACB - How-To: Destroying a faulty keyboard

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

it is not going to be good if they block the 10.x version of flash player.. lots of people have problems with the 11.x version of flash player when using it with "firefox"..

look at what mozilla support says for solving problems with flash player.. over and over and over again they say the solution to all of the problems is to use the 10.x version of flash player:

»support.mozilla.org/en-US/kb/ado···-crashed

i have only heard one person say that they didn't have problems with using the 11.x version of flash player with firefox, and i have to wonder if the reason is that that one person never tried using flash player to watch videos, where all they saw it used for was to generate a graphic on a webpage..



Selenia
I love Debian
Premium
join:2006-09-22
Fort Smith, AR
kudos:2

Flash 11 on Debian Linux running like a champ on this laptop. Then again, I use Chromium(based on Chrome without the GoogleWare). 1080p videos are silky smooth on its somewhat lowly HD4200 graphics but fairly powerful cpu.



kickass69

join:2002-06-03
Lake Hopatcong, NJ

1 edit

1 recommendation

reply to Smokey Bear

Seems like it's just one more way for browser makers to control and collect what we do online. It's not the browser makers responsibility to be parents and keep their kids er users safe. Overreaching vs responsibility, education and common sense.



beck
Premium,MVM
join:2002-01-29
On The Road
kudos:1

1 recommendation

reply to Smokey Bear

Well, what if I don't want my plug ins turned off? Pretty f*ing high handed of them.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Smokey Bear

• »blog.mozilla.org/security/2013/0···plugins/
• »addons.mozilla.org/en-US/firefox/blocked/


Curiosity

join:2001-10-01
Dawson Creek, BC
reply to Smokey Bear

What have they got against Quicktime or Windows videos such as asf, wmv or avi? I have seen no problems with those. I can kind of see the objection to Silverlight, since it gives no way to shut off access to webcam or microphone except by setting the wrong device.



kickass69

join:2002-06-03
Lake Hopatcong, NJ
reply to beck

There's got to be a way to rip this feature out of Firefox. Pro users like ourselves don't need this. Mozilla has gone the same way as Google with Chrome and Opera...not much different at this rate acting all big brother on us as if they know better than we do and have no control over 'features' like this anymore.



therube

join:2004-11-11
Randallstown, MD
reply to redwolfe_98

quote:
January 29, 2013: Flash Player Plugin 10.2.* and lower (click-to-play)
The current version of Flash 10 is 10.3.*, so that is not being blocked (currently).


therube

join:2004-11-11
Randallstown, MD
reply to Smokey Bear

It's probably not a bad thing.
They do have the data to back up their move.
(Sending in those crash reports does help.)
They know well what plugins are vulnerable or that do cause crashes.
"Plugins" are the new game & everyone & their sister wants in on it.
All kinds of crapware now end up installing plugins, often unbeknownst to the user.

Take a look at your plugins right now.
(about:plugins & about:addons)
Just what do you have? Anything related to .NET? Windows Activation Technologies?
Just what in the world would anyone need anything like that for?

(Mine says Flash, & the rarely used anymore, WMP plugin.)

Ages ago, I may have used Quicktime. Possibly Real. Bugs, crashes, in those days had forced me to give them up. These days, it is (for me at least) rare to even find those formats & if I happen to, I can download the media & play it in my media player. (That likely is not a viable option for all.)

Would assume even if there is a blanket OFF, there will still be afforded (about:config) Preference methods to enable particular plugins.

quote:
During this change we will monitor the results and feedback of the new settings and UI to ensure we’re providing a quality experience and delivering the many benefits of Click to Play to Firefox users.

And I'm sure they're going to hear a lot of flack about this, & are prepared for that too, & that will affect how they go forward.


Lagz
Premium
join:2000-09-03
The Rock
reply to Smokey Bear

If I lose NoScript and Adblock plus, then they will lose me.



goalieskates
Premium
join:2004-09-12
land of big

1 edit

1 recommendation

reply to beck

said by beck:

Well, what if I don't want my plug ins turned off? Pretty f*ing high handed of them.

+1

It's still my pc, not theirs. My responsibility, and ultimately my decision.

They need to get over themselves.

ETA: Firefox used to be the "yes you can" browser. They've turned into the "no you can't" nanny browser. It's really sad.


therube

join:2004-11-11
Randallstown, MD

2 recommendations

reply to Lagz

> If I lose NoScript and Adblock plus, then they will lose me.

Those are extensions, not plugins.

Though if they deemed it necessary, they could block those too, blocklist.xml.



therube

join:2004-11-11
Randallstown, MD
reply to goalieskates

Do you install security updates from MS?
Including those ones, those "killbits"?

Killbits are "no you can't"?

Do you use that service from Google (also included in FF) that says, "no you can't" when you want to visit a "bad" website?

Do you use the OpenDNS service, & one that filters, oh "bad" stuff? Perhaps porn or warez or whatever "bad" might be, you know, one of those "no you can't" DNS services.

Do you specifically try avoid particular websites when you browse, because you know they are bad or harbor bad things? Well guess what, in that case you are your very own "no you can't".

And in the end, for every "no you can't", well there is a way to "just say yes".



ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1
reply to Smokey Bear

I think it's a great idea!

I use Iron where all my plugins are disabled and the click to play is used.........it works great.


--
Sarcasm is the body’s natural defense against stupidity.



NOYB
St. John 3.16
Premium
join:2005-12-15
Forest Grove, OR
kudos:1
reply to goalieskates

said by goalieskates:

said by beck:

Well, what if I don't want my plug ins turned off? Pretty f*ing high handed of them.

+1

It's still my pc, not theirs. My responsibility, and ultimately my decision.

They need to get over themselves.

ETA: Firefox used to be the "yes you can" browser. They've turned into the "no you can't" nanny browser. It's really sad.


It may be your PC but it is their product to design and build anyway they please (see fit). If you don't like their product then don't use it.

Quite frankly the masses need this protection. It is unreasonable to expect everyone out there using a computer to be a tech guru and keeping up to date with all the security threats and issues. Just like it would be unreasonable for everyone out there driving a car to do all their own maintenance and repairs. Some can but the masses cannot. Especially when it comes to safety devices such as brakes and air bags. And it is unreasonable to expect them too. Safety devices are not always only for the safety of the user/operator but the safety of others as well.

--
Be a Good Netizen - Read, Know & Complain About Overly Restrictive Tyrannical ISP ToS & AUP »comcast.net/terms/ »verizon.net/policies/
Say Thanks with a Tool Points Donation


firefoxuser

@centurytel.net
reply to kickass69

said by kickass69:

There's got to be a way to rip this feature out of Firefox. Pro users like ourselves don't need this. Mozilla has gone the same way as Google with Chrome and Opera...not much different at this rate acting all big brother on us as if they know better than we do and have no control over 'features' like this anymore.

They should make a way to disable this in about:config but if you cant disable this I will uninstall it and go back to another browser.


ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1

Why?

Flash is basically the only plugin that is really needed for videos,and with the click to play it'll be easy.

Lets not get too paranoid with this move.........it's a good one.
--
Sarcasm is the body’s natural defense against stupidity.



goalieskates
Premium
join:2004-09-12
land of big

2 recommendations

reply to NOYB

said by NOYB:


It may be your PC but it is their product to design and build anyway they please (see fit). If you don't like their product then don't use it.

Quite frankly the masses need this protection.

The masses do NOT need this protection. Your basic assumption (and that of FF) is that the masses are all stupid and won't listen if warned. It's a top down, we-are-the-experts mindset, much like DHS preaches, and really not that far from tyranny. Big Brother will decide. Even if they get it wrong, they will decide.

It's also light years away from the original spirit of Mozilla. That may not bother you, but it's a definite shift away from what they were, and I find that really sad. They were special, and it made them great. A lot of really generous and talented people contributed to them in a spirit of openness and giving. They didn't sneer at the masses or their own customers.

Now they're just a royal pita, and I find myself unwilling to update any of their stuff for fear of "features" like this one. If nothing else, this gives me newfound respect for all those companies that refuse to budge off IE6 - and find other ways to secure their browsers. Maybe they have a point we've all been overlooking - that you can as easily be taken out by your browser vendor as you can by the bad guys. Either way, you're dead. Heh.


firefoxuser

@centurytel.net
reply to ZZZZZZZ

said by ZZZZZZZ:

Why?

Flash is basically the only plugin that is really needed for videos,and with the click to play it'll be easy.

Lets not get too paranoid with this move.........it's a good one.

I did not ask for click-to-play or to break the web with this enabled by default. I will say this if moz don't give us a way to fully disable this I will be uninstalling firefox. I do not like any application blocking previous versions of flash and other plugins under some sort of security garbage that you must click to play first.

As the owner of my PC my choice will be to never use firefox if it cant be disabled.

Just like M$ wanting to charge a monthly fee for the windows blue OS and office its my choice to find better alternatives.

I think this is really more a push to html5 but you would have to ask Mozilla that question. I do see your point this will help safe guard users who don't know the web that well and that is a good thing but for the rest of us I want options not forced compliance.


Maven
Premium
join:2002-03-12
Canada
reply to Selenia

said by Selenia:

Flash 11 on Debian Linux running like a champ on this laptop. Then again, I use Chromium(based on Chrome without the GoogleWare). 1080p videos are silky smooth on its somewhat lowly HD4200 graphics but fairly powerful cpu.

Did you manage to get video acceleration going on that 4200? Or is the processor doing the work?


Selenia
I love Debian
Premium
join:2006-09-22
Fort Smith, AR
kudos:2

Got video acceleration. Requires kernel 3.2, Gallium3D(both in backports, gallium is built into the xserver update), and DRI2). You can get 2D with a stock install and "radeon" driver and a little 3D. This gives you 3D. For both scenarios, I needed the restricted firmware(stable is fine for "radeon" driver but backported version needed for Gallium3D to make hardware acceleration work with Open source drivers. Not sure if Flash acceleration was working with "radeon" as I only kept it for a bit and the Gallium3D does work with Flash acceleration. Word of warning, a bug with kde and the driver means you better use xrender mode to avoid corruption when going from full screen opengl to the desktop.
--
A fool thinks they know everything.

A wise person knows enough to know they couldn't possibly know everything.

There are zealots for every OS, like every religion. They do not represent the majority of users for either.



Lagz
Premium
join:2000-09-03
The Rock
reply to therube

said by therube:

> If I lose NoScript and Adblock plus, then they will lose me.

Those are extensions, not plugins.

Though if they deemed it necessary, they could block those too, blocklist.xml.

Mozilla isn't blocking "extensions"? Did I mention plug-ins? Nope I mentioned add-ons or "extensions" whichever you prefer. Here's a direct link that siljaline had posted which I was referring to. Blocked

edit: I am extremely happy they are blocking plug-ins. I hate seeing some damned google updater plugin or Microsoft plug-in that I specifically didn't ask for.
--
When somebody tells you nothing is impossible, ask him to dribble a football.


kickass69

join:2002-06-03
Lake Hopatcong, NJ
reply to goalieskates

Well atleast I found a way to get around Click-to-Play so to speak. I just open Blocklist.xml and remove everything under the "Pluginitems" section.

As therube pointed out above with »kb.mozillazine.org/Blocklist.xml you can also turn off updating and enter the updates you want from the list online.

This is what Pro users like ourselves and Corporate customers using the ESR releases need to get around this and take back control.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4
reply to therube

said by therube:

And in the end, for every "no you can't", well there is a way to "just say yes".

Apparently not so. At least not with Win 8.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

1 recommendation

reply to kickass69

Why don't you just disable blocklist in about:config?

extensions.blocklist.enabled;false

I have used the Proxomitron since 2002. It gives me a toggle switch for Flash, Java, etc. I love that because the last thing I want is Flash automatically playing some dumb video when I go to a site. So, I don't see the objection to "click to play". As I understand it, there is no "blocking". Mozilla is doing the same thing Proxo has always done....Mozilla is just very late to the party. I don't use flash on Fx anymore though at all because of the two crap services connected to it that Mozilla has so badly designed that they have to run all the time for no reason.

My current concern is HTML5. Why is Mozilla not also making that click to play? They should.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



therube

join:2004-11-11
Randallstown, MD

1 recommendation

reply to firefoxuser

> I did not ask for click-to-play

It can be disabled.

> I will say this if moz don't give us a way to fully disable this I will be uninstalling firefox

I'm sure plenty will feel likewise.

> I think this is really more a push to html5

That is a possibility, though I wouldn't expect that to be their reasons for wanting to do this. html5 will have (does have) its own issues.

So we need to stay apprised, see what's going on, see what their intentions are, & steer their decisions.



therube

join:2004-11-11
Randallstown, MD
reply to Mele20

> Apparently not so. At least not with Win 8.

You're speak of what, the OS itself?


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

It's OT but briefly, as one example, Microsoft will not allow a user (even with full Admin rights and UAC disabled in the registry) to turn off Automatic Maintenance in Win 8. You can disable it, but it re-enables itself before its next every 24 hour scheduled maintenance).
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Khaine

join:2003-03-03
Australia
reply to goalieskates

said by goalieskates:

said by NOYB:


It may be your PC but it is their product to design and build anyway they please (see fit). If you don't like their product then don't use it.

Quite frankly the masses need this protection.

The masses do NOT need this protection. Your basic assumption (and that of FF) is that the masses are all stupid and won't listen if warned. It's a top down, we-are-the-experts mindset, much like DHS preaches, and really not that far from tyranny. Big Brother will decide. Even if they get it wrong, they will decide.

The masses have shown that they are not computer literate and need a helping hand at every turn to keep their computer secure.

Further, flash is proprietary software, that inhibits the uptake of open standards like html video, so I'm not quite sure how you can equate blocking it to tyranny. If you want to run insecure software you still can. If you read the original blog post (»blog.mozilla.org/security/2013/0···plugins/) about this:

quote:
Mozilla is changing the way Firefox loads third party plugins such as Flash, Java and Silverlight. This change will help increase Firefox performance and stability, and provide significant security benefits, while at the same time providing more control over plugins to our users.

Previously Firefox would automatically load any plugin requested by a website. Leveraging Click to Play Firefox will only load plugins when a user takes the action of clicking to make a particular plugin play or the user has previously configured Click To Play to always run plugins on the particular website.

No where does it say they are taking that choice away from you.